8008793: SecurityManager.checkXXX behavior not specified for methods that check AWTPermission and AWT not present
Dmitry Samersoff
dmitry.samersoff at oracle.com
Mon Feb 25 13:21:26 UTC 2013
Alan,
Did you consider to explicitly throw security exception with the message
like "Permission couldn't be granted because of wrong profile" or
something like this.
-Dmitry
On 2013-02-25 16:07, Alan Bateman wrote:
>
> SecurityManager's checkTopLevelWindow, checkSystemClipboardAccess and
> checkAwtEventQueueAccess methods are specified to check AWTPermission.
> An outstanding issue is that they don't specify how they behave when AWT
> is not present (compact profiles, and modules in the future).
>
> I would like to change these methods so that they behave as if the
> permission check fails. I think this is the approach of least-surprise
> as it's not possible to grant anyone AWTPermission when the permission
> type does not exist.
>
> This the webrev with the proposed changes:
>
> http://cr.openjdk.java.net/~alanb/8008793/webrev/
>
> Note that the implementation changes are mostly just removing the "fake
> permission" code (this was originally put in to ensure that
> checkPermission was called with a permission that could never be
> granted, it's not needed now).
>
> Thanks,
>
> -Alan.
--
Dmitry Samersoff
Oracle Java development team, Saint Petersburg, Russia
* Give Rabbit time, and he'll always get the answer
More information about the security-dev
mailing list